# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=dnsmasq
pkgver=2.86
pkgrel=5
pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
url="https://www.thekelleys.org.uk/dnsmasq/"
arch="all"
license="GPL-2.0-only OR GPL-3.0-only"
depends="$pkgname-common=$pkgver-r$pkgrel"
makedepends="
	coreutils
	dbus-dev
	linux-headers
	nettle-dev
	"
install="
	$pkgname.pre-install
	$pkgname.pre-upgrade
	$pkgname-dnssec.pre-install
	$pkgname-dnssec.pre-upgrade
	"
subpackages="
	$pkgname-doc
	$pkgname-dnssec
	$pkgname-dnssec-dbus
	$pkgname-openrc
	$pkgname-common::noarch
	"
source="https://www.thekelleys.org.uk/dnsmasq/dnsmasq-$pkgver.tar.xz
	0000-underflow.patch
	0001-Retry-on-interrupted-error-in-tftp.patch
	0002-Add-safety-checks-to-places-pointed-by-Coverity.patch
	0003-Small-safeguard-to-unexpected-data.patch
	0004-Fix-bunch-of-warnings-in-auth.c.patch
	0005-Fix-few-coverity-warnings-in-lease-tools.patch
	0006-Fix-coverity-formats-issues-in-blockdata.patch
	0007-Retry-dhcp6-ping-on-interrupts.patch
	0008-Fix-coverity-warnings-on-dbus.patch
	0009-Address-coverity-issues-detected-in-util.c.patch
	0010-Fix-coverity-detected-issues-in-option.c.patch
	0011-Fix-coverity-detected-issue-in-radv.c.patch
	0012-Fix-coverity-detected-issues-in-cache.c.patch
	0013-Fix-coverity-issues-detected-in-domain-match.c.patch
	0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch
	0015-Fix-coverity-issues-in-dnssec.c.patch
	0020-fix-domain-match-local.patch
	0021-build_server_array.patch
	0022-Fix-problems-with-upper-case-in-domain-match.patch
	0023-Optimize-inserting-records-into-server-list.patch
	0024-Fix-massive-confusion-on-server-reload.patch
	0025-reuse-server.patch
	CVE-2022-0934.patch

	config.h.patch
	dnsmasq.conf.patch
	$pkgname.initd
	$pkgname.confd
	"

# secfixes:
#   2.86-r1:
#     - CVE-2022-0934
#   2.85-r0:
#     - CVE-2021-3448
#   2.83-r0:
#     - CVE-2020-25681
#     - CVE-2020-25682
#     - CVE-2020-25683
#     - CVE-2020-25684
#     - CVE-2020-25685
#     - CVE-2020-25686
#     - CVE-2020-25687
#   2.80-r5:
#     - CVE-2019-14834
#   2.79-r0:
#     - CVE-2017-15107
#   2.78-r0:
#     - CVE-2017-13704
#     - CVE-2017-14491
#     - CVE-2017-14492
#     - CVE-2017-14493
#     - CVE-2017-14494
#     - CVE-2017-14495
#     - CVE-2017-14496

build() {
	make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC" all
	mv src/dnsmasq src/dnsmasq~dnssec

	make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC -DHAVE_DBUS" all
	mv src/dnsmasq src/dnsmasq~dbus

	make CFLAGS="$CFLAGS" clean all
}

# dnsmasq doesn't provide any test suite (shame on them!), so just check that
# the binary isn't totally broken...
check() {
	./src/dnsmasq --help >/dev/null
}

package() {
	provider_priority=100  # highest (other providers are dnsmasq-dnssec, dnsmasq-dnssec-dbus)

	make PREFIX=/usr DESTDIR="$pkgdir" install

	install -D -m755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
	install -D -m644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
}

dnssec() {
	pkgdesc="$pkgdesc with DNSSEC support"
	provides="$pkgname=$pkgver-r$pkgrel"
	provider_priority=20  # middle (other providers are dnsmasq, dnsmasq-dnssec-dbus)

	install -D -m 755 "$builddir"/src/dnsmasq~dnssec "$subpkgdir"/usr/sbin/dnsmasq
}

dbus() {
	pkgdesc="$pkgdesc with DNSSEC and D-Bus support"
	provides="
		$pkgname=$pkgver-r$pkgrel
		$pkgname-dbus=$pkgver-r$pkgrel
		$pkgname-dnssec=$pkgver-r$pkgrel
		"
	provider_priority=10  # lowest (other providers are dnsmasq, dnsmasq-dnssec)

	cd "$builddir"
	install -D -m755 src/dnsmasq~dbus "$subpkgdir"/usr/sbin/dnsmasq
	install -D -m644 dbus/dnsmasq.conf -t "$subpkgdir"/usr/share/dbus-1/system.d/
}

common() {
	pkgdesc="$pkgdesc (common files)"
	depends=""
	replaces="$pkgname<2.86-r1 $pkgname-dnssec<2.86-r3"

	install -D -m644 "$builddir"/dnsmasq.conf.example "$subpkgdir"/etc/dnsmasq.conf
	install -d -m755 "$subpkgdir"/etc/dnsmasq.d

	install -D -m644 "$builddir"/trust-anchors.conf \
		"$subpkgdir"/usr/share/$pkgname/trust-anchors.conf
}

openrc() {
	default_openrc
	install_if="openrc $pkgname-common=$pkgver-r$pkgrel"
}

sha512sums="
487eae0afbc8bb3d5282a729ffb0cb2c9bdc7d8e46e2e8aa114cd7c5d82e0fd66f49926e7fa4028577548d6f57e8a865aca17f33963a589874584d608ab2deaf  dnsmasq-2.86.tar.xz
bae115897d25aa1eec1d7e60f7faa6c1c50685fce7f7decc2296256c2d26cb3cd104935b81bbfc58536ee6c44ae4ba350b022d0f9ea2798b0dc391a498258063  0000-underflow.patch
da45c81c475666936895a582d957495fb16034ee7d474d6f1b5751edc1f2f581eda020401a938aafa70bfd239a551d6acaf545e9c79674b9a6841d2c7f827df0  0001-Retry-on-interrupted-error-in-tftp.patch
9e82f19b808954211c1deb1b2e648236c161fc7b9c8a6796c5ecf3a37e7b13a76b83fe13a2bf5a20f62d78ac789102cae96925c1e40bd13ec2968831805ff9c6  0002-Add-safety-checks-to-places-pointed-by-Coverity.patch
e3d40e71e93b417429c15a6a7d15b9dd7441e8235651f457e66ff509a3fc1144b53ba3e3425b97d909301c38c15091e942ef822e53ab81900472d20ecee30e75  0003-Small-safeguard-to-unexpected-data.patch
990ab720de1940794829e9830e01de71b0c7bf36ccfcf32b109533d0dd25efce63612ba612a611fc065e0634240e9252a905973dc0a5beb614088990c0a5b658  0004-Fix-bunch-of-warnings-in-auth.c.patch
3d24d216dad94f272d7a7b724e14d4a86e9eb2a6d9088a18b8821b5bc61675397acb5134b0349cbce57ae3f42396d922d801b41514202f78bbdfdf785dbeb5bf  0005-Fix-few-coverity-warnings-in-lease-tools.patch
aa558bd2356c3d820425132d1e26039bc8ed1782cde6e421a363ae405c8a7a044253d74bd9bf2b0e3728b06d1f5ca0a1a5102f79fea4ee1f54298111e796f05a  0006-Fix-coverity-formats-issues-in-blockdata.patch
aadb1cb9f7d21b1a083fc664e060a1509cbbe00549ea6466faf92887044e7bca58cf2cbddb82b70cbfe2fbf7a082e7a89d266c8ddc7b7a7dab793c9f99522457  0007-Retry-dhcp6-ping-on-interrupts.patch
ccace656e7abbc97f6709a642e9fb7875bb220f3e8ff89a601e703ac5143401ccb0a365971c7effb11b9a5b710733011bc1d39b4dde7996321053b9d08faca26  0008-Fix-coverity-warnings-on-dbus.patch
39e4b52b25e3223f5803f73f721a597bfe8cb5df96aa5e0fdfda62672380c55301821a610e11e167a0eca44bf2cd4c45f995b79e19e9cd0f2c62d89f8451935b  0009-Address-coverity-issues-detected-in-util.c.patch
462996c6f0f278fad95156f5bae059f34384849f5602af674d073f29b889d2cbf993717641dc6ab02de4e0195fb22d8b440495272271c4969011151068888cf2  0010-Fix-coverity-detected-issues-in-option.c.patch
09167fa3ee06d7686f83639a70fd97d3b50d8ccb8bcef57a99905536fd9f53f00b3019a29b96715bab19ec0129babdc4ebe360d5439f5902f4cddff0a6fc4c54  0011-Fix-coverity-detected-issue-in-radv.c.patch
a60d537ab2f89cff05fbbf02c0b7167b823b0e024b70b80d69828bf111875ea8c238448ffad4ef8f67a1be5cd2be5751ab5a8b489ba34f57f3d3074d5832001e  0012-Fix-coverity-detected-issues-in-cache.c.patch
edc4cbec2b506a995ed454903972aed130577c8dd04c218999023e6c1830ed8ba4b77926b60c7f19a7b03550eed3ba18f4ce68ec4760650ccbbcedfa1f3ea0c7  0013-Fix-coverity-issues-detected-in-domain-match.c.patch
6383a7a4ec6f11468bd416b9b96ecc35fd291f439a80230aa773186aa31894a898d776c651ab68dd8f3517bceebee81536c3523c648d6a795b1207555992deb7  0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch
7af46affcff002361d3412f0448d428b37299e6fda1c335bae4947a9ea29e1709a041df21e5376a474946a6b46ff00994abd2d56fdc4946facb93daffcac42ba  0015-Fix-coverity-issues-in-dnssec.c.patch
dcd8bac303c8988a5096996d395b6ffd1a98ba5e5b48591dac3250bdb95eef7f3e9fe5800150ea49877abb76b588c409db3d4db2f04f28a359a1dd069b2d6c7a  0020-fix-domain-match-local.patch
f511a279c776e125530747c9df3e92b93af39cdfc1861e0ad53ddf7c41e091f09b51aba56ce3dcb06a2e4d60962aee81288d6157d0f4355cc6586f0ef67f6c4f  0021-build_server_array.patch
2b639d3355221eedd462b59a79535b9ce1787be08d88e7f30dc7e7d77d50e5652378acaa297d63dd793cc46d5cf8de6529c9fe9c694ff6edc67358165a6b117b  0022-Fix-problems-with-upper-case-in-domain-match.patch
7a5bbdd0bf8b9ab188f46d3ef4c5aaa860256e48b5e3363bbc4639d1b279d4209490ae54317a1d33e1d238482796e8cc6181fcf80365ce6dfad394eab47c5558  0023-Optimize-inserting-records-into-server-list.patch
6cfd44add1214d4f9d9504edacb2a0ce3ece371b2a44966cda0446884386a70234cafc5aee52ddc15be8252439e3aab15780eb21c48f85ed73d9e858c37aa76f  0024-Fix-massive-confusion-on-server-reload.patch
41e36c721d47799711cd5f8fc6099a3fd53534ce052b59d58d40f457561ab5759ee443d0b043fcb105e0ca1ad0a241fd0a689560ed675a3d586cab4d38c38fc3  0025-reuse-server.patch
b04ad7a5019a64feb9e4237e5fbc4f2dc1b1ae12c092222a5e14099566022f17aa4eb9139f69a5a778166c6a096e311ab5ec6ce44fff8409f7df5f5ab86bdd60  CVE-2022-0934.patch
d0274417019af84911f3f4a850e785797bdc77732fd93504fe21db7317a874d2ab54bf7a211d000a751cdc43e225a30be4c1a315ab2383fc3fcc619e436aed97  config.h.patch
41679e0e889607896dcf7fdeb179b9b7a79095c9f86aebda131ac09c12e3ef2a94cece0018ab33ea08d3e6f6bbae44379e9d6fb8987fae29e68ecad952ccdd45  dnsmasq.conf.patch
0c609a55ca0140d8f31f8f6eb4cb96eca7bc76385d48739998bea926b409f3d72cbfdffc30ad3f9e3a62db4ea3280f7fe6a60a12fc091164814a7cdf6a14b307  dnsmasq.initd
c6ecec498f07916cd3c5ff183ff2a2ec478cf95ee43c0082d164b548d72b13fc9ba7cfbca9fb50e919e146708b5ce7f3b3a6565b36223c4efe1481172214ad93  dnsmasq.confd
"
